Like many social media and messaging services, WhatsApp is a convenient way to keep in touch with friends and family. But it also comes with certain risks: Scammers are using the platform to trick users into giving up sensitive information or to interfere with communication.
What are WhatsApp scams?
There are several WhatsApp scams out there—and while each looks a bit different, the end goal is the same. Scammers generally are looking to steal personal information or make money by getting you to click a link, sending you a virus, or somehow engage with their message.
“With more than a billion people using WhatsApp, it is not surprising that it has become attractive to scammers seeking to use its popularity to lure people into becoming scam victims,” said Steve Weisman, a lawyer, cybersecurity expert, and founder of Scamicide.com.
Facebook has owned WhatsApp since 2014, but scams and hoaxes are nothing new to the platform. The company reported in 2012 that fake chain mail-style messages were floating around among users, and scams and security vulnerabilities continue to be discovered.
How do WhatsApp scams work?
Many WhatsApp scams work like phishing attacks—you get a message that prompts you to click a link that downloads malware or takes you to a spoofed website to enter personal information. But there are a number of other ways bad actors use WhatsApp. Here are some ways WhatsApp scams can work.
- Spoofed messages from friends. Scammers send links that look like they’re coming from friends or contacts you know so you’re more likely to trust them. Once you click, you automatically download malware to your device, which may send sensitive information back to the perpetrators.
- Heineken free beer scam. Free beer sounds great, right? In this scam, bad actors pretending to represent Heineken sent messages to WhatsApp users promising four barrels of free beer in honor of the company’s 140th anniversary. Scammers directed victims to a fake website where they filled out a survey and were prompted to share the message with 20 friends. The scammers were after users’ personal information.
- Group chat crash. In December 2019, criminals used a WhatsApp security flaw to infiltrate and crash group chats. This forced users to reinstall the app and delete the group and all its messages.
- Phone call scam. Another WhatsApp vulnerability, reported in May 2019, would have allowed hackers to send malicious code via voice calls made to WhatsApp accounts. Users didn’t even need to answer the calls to fall victim.
- Account takeover. In this scam, bad actors tricked victims into sharing WhatsApp verification codes with supposed friends. The scammers then took control of those accounts and locked users out.
- General phishing scams. Bad actors may use romance scams, work from home (employment) scams, or fake investment opportunities to get your attention on Whatsapp.
How can I protect myself from WhatsApp scams?
You aren’t destined to fall victim to a WhatsApp scam (or any other online scam). To try and continue using the service safely and securely, there are a few key steps to follow.
First, never click on a link sent via WhatsApp. Links from scammers may prompt you to download malware to your device, which can log keystrokes or send personal information back to criminals looking to steal your identity. No link is an exception to this rule, according to Weisman.
“Even if the link is contained in a communication that appears to come from a person or company you trust, you should always verify that it is legitimate before clicking on the link,” he said.
If you do get a message containing a link you believe could be real—or a message about a giveaway—go directly to the company’s website to determine if it’s legitimate. A fake link could take you to a spoofed page that looks very real, but if you type a web address directly into your browser or google the company name, you’re less likely to land on a scam site.
Another important step is to use a reverse phone or email search service to potentially try and ascertain if the sender is who they say they are—especially if the message comes off as pushy, urgent or contains information that seems too good to be true. The sender may claim to be a friend or family member or from a company you do business with, but it could be a scammer.
If you are getting messages from senders you don’t know or trust, you can block them and report the contact as spam within WhatsApp.
Finally, keep your apps up to date. Don’t ignore software updates, as these often patch security holes and minimize vulnerabilities that lead to scams. Better yet, enable automatic updates for apps so you don’t miss a beat.